Google was recently attacked by a phishing scam that sent business customers a fake link to a Google Doc (from a known contact) in order to access the customer’s login information. This affected many business owners, as you can imagine.

After the attack, Google’s Director of Counter Abuse—Mark Risher—released an article that detailed how Google protected its users against the phishing scam, and outlined how business owners can avoid similar scams by being proactive.

Below, you’ll find our summary of 6 Google pro tips that business owners can implement to stay proactive.

“If you use Gmail, you can rest assured that every day, millions of phishing emails are blocked from ever reaching your inbox.”

Mark Risher, Director of Counter Abuse at Google

Thanks to Google’s immediate response, which combined automatic and manual actions, the phishing scam was stopped within an hour, and fewer than 0.1% of all Gmail users were affected by the attack.

Google’s layers of defense against attacks of all types:

  • Employs dynamic, risk-based challenges to prevent suspicious account sign-ins
  • Provides “Safe Browsing” warnings within Gmail and across more than 2 billion browsers
  • Uses machine learning to detect spam (99.9% accuracy) and phishing messages
  • Scans email attachments for malware and other high-risk payloads


6 ways business owners can ensure account safety

Typically, G Suite administrators manage several users’ accounts, so they deal with a variety of security challenges on a regular basis. After the recent attack, G Suite administrators were contacted by Google to help them handle the various issues that their customers may have faced due to the phishing scam.

In his article, Risher described several best practices to help administrators improve the security of their Gmail business accounts. These best practices include taking advantage of the Google Security Checkup, being aware of every account’s warnings and alerts, and reporting suspicious emails and other content to Google.

  1. Review and verify current OAuth API access by third parties
  2. Run OAuth Token audit log reports, and set up automated email alerts using the custom alerts feature (or script it with the Reports API)
  3. Turn on two-step verification for your organization, and use security keys
  4. Follow the security checklist when an account breach is suspected
  5. Publish a DMARC policy for your organization
  6. Use and enforce rules for S/MIME encryption
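
As an illustration of tips 1 and 2, the sketch below reviews OAuth token audit events and flags grants where an unapproved third-party client received a sensitive scope. It is an added example, not code from Google or from Risher's article; the sample records are constructed, and their field layout, the scope list and the allowlist are assumptions to check against your own audit export.

```python
# Added example, not Google's code. SAMPLE_ACTIVITIES is constructed; its shape
# is assumed to match activity items the Reports API returns for "token" events.
SENSITIVE_SCOPES = {  # assumption: scopes this organisation treats as high risk
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/contacts",
    "https://www.googleapis.com/auth/drive",
}
APPROVED_CLIENT_IDS = {"1111-approved.apps.example"}  # hypothetical allowlist

def _item(time, user, event_name, app, client_id, scopes):
    """Build one constructed audit record in the assumed Reports API shape."""
    return {"id": {"time": time}, "actor": {"email": user},
            "events": [{"name": event_name, "parameters": [
                {"name": "app_name", "value": app},
                {"name": "client_id", "value": client_id},
                {"name": "scope", "multiValue": scopes}]}]}

SAMPLE_ACTIVITIES = [  # constructed sample data
    _item("2024-01-01T10:00:00Z", "ann@example.com", "authorize", "Mail Sync",
          "1111-approved.apps.example", ["https://mail.google.com/"]),
    _item("2024-01-01T10:01:00Z", "bob@example.com", "authorize", "Docs Viewer",
          "9999-unknown.apps.example",
          ["https://mail.google.com/", "https://www.googleapis.com/auth/contacts"]),
    _item("2024-01-01T10:02:00Z", "cy@example.com", "authorize", "Survey Tool",
          "7777-unknown.apps.example", ["openid", "email"]),
    _item("2024-01-01T10:10:00Z", "bob@example.com", "revoke", "Docs Viewer",
          "9999-unknown.apps.example", ["https://mail.google.com/"]),
]

def risky_grants(activities):
    """Return authorize events where an unapproved client got a sensitive scope."""
    findings = []
    for item in activities:
        for event in item.get("events", []):
            if event.get("name") != "authorize":
                continue  # revocations and other events are not new grants
            params = {p["name"]: p.get("multiValue") or p.get("value")
                      for p in event.get("parameters", [])}
            scopes = params.get("scope") or []
            hits = sorted(SENSITIVE_SCOPES.intersection(scopes))
            if hits and params.get("client_id") not in APPROVED_CLIENT_IDS:
                findings.append({"time": item["id"]["time"], "scopes": hits,
                                 "user": item["actor"]["email"],
                                 "app": params.get("app_name"),
                                 "client_id": params.get("client_id")})
    return findings

if __name__ == "__main__":
    for f in risky_grants(SAMPLE_ACTIVITIES):
        print(f"{f['time']} {f['user']} granted {f['app']} ({f['client_id']}): {f['scopes']}")
```

Each finding is a candidate for the review in tip 1: confirm with the user whether the grant was intended, and revoke the app's access if it was not.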


If you’re a business owner who leverages a virtual administrative assistant for email management, then security issues can seem particularly tricky. But the best virtual assistant services have processes and protocols to ensure your safety.